Description

Security researcher Paul Bandha used the used the Address
Sanitizer tool to discover a use-after-free vulnerability when running specific
web content with IndexedDB to create an index. This leads to a
potentially exploitable crash.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.